Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

.ENV Instead of putting credentials in config.php

So I want to be able to put database passwords into .env file in the root of my app and .gitignore that file.
I was looking around and found phpdotenv solution but didn't seem to work well since I keep getting a 500 server error

Anyone have any suggestions?



  • Options

    Don't do it is my suggestion. The framework is designed a certain way for a reason. config.php itself should .gitignored

    What are trying to achieve?

    grep is your friend.

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    I like the idea of having a universal file for db access. But I use different databases for each different purpose so it wouldn't be of any help for me personally.

    I understand the need to give any extra security on anything. But wouldn't it be easier to use a .htaccess like that in your /conf directory?

    AuthName "config"
    AuthType Basic
    AuthUserFile ./.htpasswd
    require valid-user

    But that all doesn't answer your question. I guess it should be possible. Maybe you could add some lines of code in /conf/bootstrap.before.php to add your db credentials to your configuration...

  • Options
    R_JR_J Ex-Fanboy Munich Admin

    Actually it is quite easy!

    • Create your .ENV
    • Create a file in your Vanillas /conf folder called bootstrap.early.php
    • Use following code in there
    Get the info from your .ENV file. Maybe a simple
    is enough, and maybe you have to use other functions to extract the
    info depending on the format of your .ENV file
    Whatever: get the information into variables that you can use for the
    next step
    // Save it __temporarily__ to the config.
    saveToConfig('Database.Name', $DatabaseName, array('Save' => false));
    saveToConfig('Database.Host', $DatabaseHost, array('Save' => false));
    saveToConfig('Database.User', $DatabaseUser, array('Save' => false));
    saveToConfig('Database.Password', $DatabasePassword, array('Save' => false));
    • Delete the Database.Name, Host, User, Password lines from /conf/config.php

    That's it!

Sign In or Register to comment.